The Hacking Lab (@thehackinglab)'s Twitter Profile
The Hacking Lab

@thehackinglab

Online Cyber Security Lab

ID: 835220414

https://www.hacking-lab.com/
20-09-2012 09:58:50

964 Tweet

2,2K Followers

86 Following

Compass Security (@compasssecurity)

How can I become a Red Team Operator? – Yours sincerely, A recent graduate. We break down what it takes and why there's no shortcut, and why pentesting is the place to start: blog.compass-security.com/2025/04/i-wann… #redteam #infosec #pentest #career

Compass Security (@compasssecurity)

Security analysts Stephan Sekula and Dennis Henke identified vulnerabilities in Ibexa DXP CMS: compass-security.com/en/news/detail…

Compass Security (@compasssecurity)

3 milliseconds to admin — Our analyst John Ostrowski turned a DLL hijacking into a reliable local privilege escalation on Windows 11. He chained opportunistic locks and API hooking to win the race to CVE-2025-24076 & CVE-2025-24994. Read his blog post: blog.compass-security.com/2025/04/3-mill…

Compass Security (@compasssecurity)

Tired of sifting through Entra ID manually? EntraFalcon is a PowerShell tool that flags risky objects configs & privileged role assignments with ⚡ Scoring model 📊 HTML reports 🔒 No Graph API consent hassle. Get it now: blog.compass-security.com/2025/04/introd… #EntraID #IAM

Compass Security (@compasssecurity)

In his latest blog post, Marc Tanner (@marcandretanner) shows how to bypass BitLocker using BitPixie (CVE-2023-21563) and signed Microsoft components only. Check out the blog post for a PoC and a demo. #BitLocker #redteam blog.compass-security.com/2025/05/bypass…

Compass Security (@compasssecurity)

Many CI/CD tools promise to keep your dependencies up to date - but if misconfigured, they can expose your organization. From token leaks to MR hijacks, Jan Friedli's latest blog post shows how bad configuration can turn a security tool into an attack vector. 🛠️💣

Compass Security (@compasssecurity)

Primate traits run deep at Teleboy: smart, curious, and always evolving. If that sounds like you, take on the challenge. Test the boundaries of a telco-turned-tech player and help secure streaming, internet, and phone experience of 400,000+ users. #bugbounty #ethicalhacking

Compass Security (@compasssecurity)

LLM-based vuln hunting just leveled up with xvulnhuntr - a fork of vulnhuntr with support for: C#, Java, Go. Read Nicolò Fornari's blog post and go grab the project on GitHub. blog.compass-security.com/2025/07/xvulnh…

Compass Security (@compasssecurity)

Passwords are dead, long live passkeys! 🔑 In our latest blog, we go hands-on: real-life setups, plus tips for recovery and avoiding pitfalls. blog.compass-security.com/2025/08/into-t… #Passkeys #CyberSecurity #Authentication

Compass Security (@compasssecurity)

Calling all bug hunters! schulNetz by Centerboard AG is now in scope! Help protect over 100k users in schools. Are you ready to make the grade and earn bounties? Program: bugbounty.compass-security.com/bug-bounties/c… #bugbounty

Compass Security (@compasssecurity)

Kerberos powers auth in Windows and hides big security risks. We’re launching a 6-part deep dive: from protocol basics to attacks plus how to stop them. Starts today → blog.compass-security.com/2025/09/taming… → Subscribe to our channel! #Kerberos #ActiveDirectory

Compass Security (@compasssecurity)

Episode 2 of our Kerberos deep dive is live. Kerberoasting lets attackers steal AD service account credentials. See how it works and how to protect your systems: youtu.be/PhNspeJ0r-4?fe… #Kerberos #ActiveDirectory

Compass Security (@compasssecurity)

We use James Kettle’s (@albinowax) Burp extension Collaborator Everywhere daily. Now our upgrades are in v2: customizable payloads, storage, visibility. Perfect for OOB bugs like SSRF. Find out more here: blog.compass-security.com/2025/09/collab… #AppSec #BurpSuite #Pentesting

Compass Security (@compasssecurity)

Episode 3 of our Kerberos deep dive is live. AS-REP Roasting abuses accounts without pre-auth. Learn the risks, how attackers exploit it, and how to defend. youtu.be/56BjmyOTN5o?fe… #Kerberos #ActiveDirectory

Compass Security (@compasssecurity)

Episode 4 of our Kerberos deep dive is live. Unconstrained delegation can expose critical credentials. Learn how attackers abuse it. And how to lock down your systems. youtu.be/_6FYZRTJQ-s?fe… #Kerberos #ActiveDirectory

Compass Security (@compasssecurity)

Episode 5 of our Kerberos deep dive is live. Constrained delegation isn’t bulletproof. See how attackers exploit it, and how to defend with monitoring & best practices. youtu.be/rnhr02eKU0I?si… #Kerberos #ActiveDirectory

Compass Security (@compasssecurity)

The final episode of our Kerberos deep dive is live! RBCD opens new attack paths in Kerberos. Learn how misconfigs enable privilege escalation and how to defend. youtu.be/l97RDnzdrXY?fe… #Kerberos #ActiveDirectory

Compass Security (@compasssecurity)

NIS2 means stricter rules and steep fines. Penetration testing is key to proving compliance & improving security, uncovering flaws before attackers do. Our latest blog explains why you need it now: blog.compass-security.com/2025/09/ensuri… #CyberSecurity #NIS2 #Pentesting

Compass Security (@compasssecurity)

The leaked LockBit chats give a rare inside look at ransomware ops. Read our blog for an analysis and lessons for defenders: blog.compass-security.com/2025/10/lockbi… #CyberSecurity #Ransomware #LockBit

Compass Security (@compasssecurity)

Learn about a FortiProxy Domain Fronting Protection bypass discovered by our analyst @[email protected] . Details in the advisory: compass-security.com/en/news/detail… Curious how web filters are evaded? Read his blog series: blog.compass-security.com/2025/03/bypass… #cve #pentest #bypass